The Cyber Intelligence Sharing and Protection Act (CISPA) is a bill in the United States House of Representatives. The purpose of the bill is to provide a framework for information sharing between government agencies and private companies on matters of cybersecurity. It also encourages private companies to share information among themselves.

This framework provides private companies with an immunity to privacy laws for information shared or actions taken in response to a threat to cybersecurity systems.

PresidentBarack Obama issued a veto threat if CISPA passed both chambers of Congress in its current form. On April 12, 2012, shortly after the White House veto threat, the House of Representatives passed the legislation. The vote was 248 in favor and 168 opposed, with 42 Democrats joining 206 Republicans in supporting the legislation.

Groups like the Electronic Frontier Foundation and the American Civil Liberties Union criticized the legislation for being unnecessarily vague and overly broad, essentially creating a loophole to existing privacy laws.

Groups like Verizon and the U.S. Chamber of Commerce supported the legislation for setting out a simple and effective means of sharing important cyber threat information with the government.

The initial version of the legislation never made it to a vote in the Senate.

Critics of CISPA point to the fact that the language in the bill is both vague and broad. It gives quite a bit of leeway to internet companies to take any action they deem necessary in response to a perceived threat. Many key terms are undefined, or defined in circular ways that could increase the probability of abuse. The end result would pose a danger to privacy by making it too easy for companies to share user information.

Another criticism of the bill is that companies already share information about cyberthreats, and the proposed law is unneeded.

Proponents of the bill have pointed to the prevalence of cybersecurity threats to American infrastructure, including financial institutions, electric and water utilities and air traffic control systems.

CISPA would make it more likely for internet companies to voluntarily share information and could lead to increased response time to cyberattacks by pooling data to identify the threat. Furthermore, this version of CISPA does not specifically single out intellectual property infringement as being included. It also does not mandate companies to share information, it just makes it easier for them to do so.